Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix it #58923

Merged
merged 4 commits into from
Nov 14, 2023
Merged

Fix it #58923

merged 4 commits into from
Nov 14, 2023

Conversation

zhiheng-liu
Copy link
Contributor

@zhiheng-liu zhiheng-liu commented Nov 11, 2023
edited by luotao1
Loading

PR types

Others

PR changes

Others

Description

Use shlex.quote to filter path of paddle binary
Original PR:#52944

@paddle-bot Paddle-bot
Copy link

paddle-bot bot commented Nov 11, 2023

你的PR提交成功,感谢你对开源项目的贡献!
请关注后续CI自动化测试结果,详情请参考Paddle-CI手册
Your PR has been submitted. Thanks for your contribution!
Please wait for the result of CI firstly. See Paddle CI Manual for details.

@paddle-bot paddle-bot bot added the contributor External developers label Nov 11, 2023
@gouzil gouzil requested review from risemeup1 and removed request for gouzil November 12, 2023 02:07
@gouzil
Copy link
Member

gouzil commented Nov 12, 2023

@risemeup1 注意一下shlex模块并不能保证windows的准确性

@luotao1 luotao1 added the HappyOpenSource 快乐开源活动issue与PR label Nov 12, 2023
@luotao1 luotao1 self-assigned this Nov 12, 2023
@gouzil
Copy link
Member

gouzil commented Nov 12, 2023
edited
Loading

Need to synchronize and modify to python/setup.py.in

here:

Paddle/python/setup.py.in

Line 915 in 4ff3c4d

command = 'find ${PADDLE_BINARY_DIR}/python/paddle -name "*.so" | xargs -i strip {}'

gouzil
gouzil reviewed Nov 12, 2023
View reviewed changes
python/setup.py.in Outdated
@@ -912,7 +913,7 @@ with open("@PADDLE_BINARY_DIR@/python/paddle/README.md", "r", encoding='UTF-8')

# strip *.so to reduce package size
if '${WITH_STRIP}' == 'ON':
command = 'find ${PADDLE_BINARY_DIR}/python/paddle -name "*.so" | xargs -i strip {}'
command = 'find ${shlex.quote(PADDLE_BINARY_DIR)}/python/paddle -name "*.so" | xargs -i strip {}'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
command = 'find ${shlex.quote(PADDLE_BINARY_DIR)}/python/paddle -name "*.so" | xargs -i strip {}'
command = (
'find '
+ shlex.quote('${PADDLE_BINARY_DIR}')
+ '/python/paddle -name "*.so" | xargs -i strip {}'
)

@zhiheng-liu
Update setup.py.in
a9963bd 
Fixed command quoting bug.
@risemeup1 risemeup1 merged commit 90b4dd0 into PaddlePaddle:develop Nov 14, 2023
28 checks passed
danleifeng pushed a commit to danleifeng/Paddle that referenced this pull request Nov 14, 2023
@zhiheng-liu
Fix it (PaddlePaddle#58923)
1b9769b 
* Quote paddle_binary_dir to prevent command injection.

* Quote paddle_binary_dir to prevent command injection.

* Update setup.py.in

Fixed command quoting bug.
SecretXV pushed a commit to SecretXV/Paddle that referenced this pull request Nov 28, 2023
@zhiheng-liu @SecretXV
Fix it (PaddlePaddle#58923)
de38718 
* Quote paddle_binary_dir to prevent command injection.

* Quote paddle_binary_dir to prevent command injection.

* Update setup.py.in

Fixed command quoting bug.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gouzil gouzil gouzil left review comments

@risemeup1 risemeup1 risemeup1 approved these changes

Assignees

@luotao1 luotao1

@gouzil gouzil

@sunzhongkai588 sunzhongkai588

Labels
contributor External developers HappyOpenSource 快乐开源活动issue与PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@zhiheng-liu @gouzil @risemeup1 @luotao1 @sunzhongkai588